09-30-2013 09:48 PM
Hi,
I would like to restrict the netbackup admin console access to other users so that they cannot start manual backup, restart, delete, modify etc...but they should have access to verify all the details in activity monitor and policy details.
is there any possiblility to do that, if yes kindly share your inputs.
we are using Netbackup 7.1.0.4
OS : Windows 2008 , let me know if you need any other details.
Thanks
Chan
Solved! Go to Solution.
09-30-2013 10:28 PM
it looks like you need to impliment the NBAC to get your requirement fulfilled..
you can use auth.conf with the help of the java console but it will only resticts the access to specific component but not the persmission level on it.
so you need to impliment the NBAC to give the read access to specifc users.
you can look into below T/N about NBAC
http://www.symantec.com/business/support/index?page=content&id=HOWTO46729
http://www.symantec.com/business/support/index?page=content&id=HOWTO46963
http://www.symantec.com/business/support/index?page=content&id=HOWTO46896
09-30-2013 10:28 PM
it looks like you need to impliment the NBAC to get your requirement fulfilled..
you can use auth.conf with the help of the java console but it will only resticts the access to specific component but not the persmission level on it.
so you need to impliment the NBAC to give the read access to specifc users.
you can look into below T/N about NBAC
http://www.symantec.com/business/support/index?page=content&id=HOWTO46729
http://www.symantec.com/business/support/index?page=content&id=HOWTO46963
http://www.symantec.com/business/support/index?page=content&id=HOWTO46896
09-30-2013 11:12 PM
Hi Nagalla,
The above link is informative, still i need step by step procedure to configure.
does configuring NBAC impact the backups?
I have desktop or laptop installed with NB Java console, i need to give read permission to that particular user to access the NB console.
Please help me.
Thank you
10-01-2013 12:07 AM
Java Console cannot be used for granular level control (e.g. read only on policies or ability to cancel backups).
You need to config NBAC for the level of control that you need. It does not affect backups - just administration.
You will find lots of links from this page: http://www.symantec.com/docs/HOWTO46963 for example: See Configuring NetBackup Access Control (NBAC) on standalone master servers
Above doc contains step-by-step procedure.
Please read up on all relevant info before you start, e.g all of these links (and all that seems relevant to you):
See About authorization objects and permissions
See About defining a user group and users
See About determining who can access NetBackup
etc... etc....
10-01-2013 03:25 AM
Good Information on configuring and using NBAC.
Thanks for sharing Marianne !!!
10-01-2013 04:38 AM
Your question about whether NBAC will impact on your backups.
It will not, if you configure it just using the minimal setup (on master server only) and the setup completes successfully. Otherwise it may affect your backup, but to revert you can always change the USE_VXSS from "Automatic" (or "Required") back to "Prohibited".
Sometimes you may also get catalog backup failed after setting up NBAC, if that's the case check out:
http://www.symantec.com/docs/TECH157230
http://www.symantec.com/docs/TECH166043
10-01-2013 09:05 PM
Use OpsCenter - I think the free version will do the same.
If you go down the NBAC path the first thing you need to know is how to disable it. There is a high probablity you will lock yourself out.
10-07-2013 07:02 AM
I like the OpsCenter idea. I used it to setup access for the Help Desk. For certain clients, they can review backup job status and details. They have access to restore files but not to start, stop, modify, or delete backup jobs or policies.